This exploit demonstrates an authentication bypass vulnerability in Emby MediaServer versions 3.2.5 and earlier. It allows an unauthenticated attacker on the same network to reset all user passwords to blank by exploiting a password reset feature and a file disclosure vulnerability.
Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:Emby MediaServer 3.2.5 and earlier
No auth needed
Prerequisites:Network access to the target Emby server